Tricky PayPal Phishing
A new phishing campaign targets PayPal users with convincing, authentic links, tricking them into granting unauthorized access to their accounts.
Phishing emails are often identified through typos in the sender's address or suspicious website links. However, cybersecurity firm Fortinet reports that scammers have discovered a workaround specifically targeting the payment service PayPal.
A new type of scam pretends to be a legitimate request for payment, sent from the official address [email protected], and in the body of the email there is actually a link to the official paypal.com website (marked in red in the image below).

What Is The New Trick?
In this scam, clicking the link directs users to log in on the legitimate PayPal website. However, PayPal then associates the email address with an existing account, granting the scammer access to the user's PayPal account.

How is this possible? The attacker created a test account on the Microsoft 365 platform, which allows you to create so-called distribution lists.
In this case, the distribution list was called Billingdepartments1 and the victims' email addresses were added to this list. The attacker can then send a PayPal request for money via the email address Billingdepartments1[@]gkjyryfjy876.onmicrosoft.com, which can easily bypass various phishing protections, since the domain onmicrosoft.com is marked as safe. All victims can therefore receive a legitimate email from PayPal, as shown in the first image.
If the victim panics and fills in their login details, they unknowingly make their account accessible to attackers and run a very high risk of having the money from their PayPal account immediately drained.

How To Protect Yourself?
The insidiousness of this type of phishing attack is that it does not use traditional methods and does not display the usual signs (unknown sender, strange-looking links in the email body), which is why it is relatively difficult to detect.
The best defense is to remain vigilant and carefully read any email you receive, no matter how credible it may appear. This attention applies especially to requests for money transfers or payments that come to you in an email.
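One check a mail filter could run against the distribution-list trick described above, as an added example that is not from the original article or from Fortinet: flag genuine PayPal mail whose To/Cc headers do not name the mailbox owner or that name an onmicrosoft.com address. The function names, finding labels and sample messages are constructed, and the code assumes the To header still shows the list address after the list is expanded.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

SENDER_DOMAIN = "paypal.com"        # brand domain named in the article
RELAY_SUFFIX = ".onmicrosoft.com"   # tenant domain family named in the article


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def assess(raw_message, mailbox_owner):
    """Return findings for a message delivered to mailbox_owner.

    Assumes the caller already confirmed SPF/DKIM/DMARC passed, so the
    From domain can be trusted (the mail in this scam is genuine PayPal mail).
    """
    msg = message_from_string(raw_message)
    sender_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    if sender_domain != SENDER_DOMAIN and not sender_domain.endswith("." + SENDER_DOMAIN):
        return []  # only mail from the brand domain is in scope
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    findings = []
    if mailbox_owner.lower() not in recipients:
        findings.append("not-addressed-to-owner")
    if any(domain_of(r).endswith(RELAY_SUFFIX) for r in recipients):
        findings.append("onmicrosoft-recipient")
    return findings


# Constructed sample messages (not taken from the campaign).
VIA_LIST = (
    "From: PayPal <sender@paypal.com>\n"
    "To: list1@example-tenant.onmicrosoft.com\n"
    "Subject: Money request\n\nPlease pay.\n"
)
DIRECT = (
    "From: PayPal <sender@paypal.com>\n"
    "To: alice@example.org\n"
    "Subject: Receipt\n\nThanks.\n"
)

if __name__ == "__main__":
    for name, raw in (("via list", VIA_LIST), ("direct", DIRECT)):
        print(name, assess(raw, "alice@example.org"))
```

Either finding alone can occur in legitimate mail, so treat the pair together as a reason to quarantine or banner the message rather than as proof of fraud.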
Read the Redamp.io blog and stay regularly informed about the latest threats, or try our cybersecurity platform out and make sure your business stays safe!